Protecting Big Data and the need for Data Centric Security

In this special guest feature, Warren Poschman, a Solutions Architect at comforte, discusses how big data analytics can be incredibly insightful and valuable to any enterprise. What some are not aware of is every new data stream created is potentially a new attack vector for organizations to defend against. Historically, organizations have had to choose between security or analytics, but with the advent of strict data privacy and protection regulations, the choice has been removed out of the equation. comforte is a leading provider of enterprise data security and digital payments. At comforte, Poschman is focused on clients worldwide for the SecurDPS Enterprise product. His expertise covers data protection everywhere data lives from traditional Storage, Databases, Big Data and Hadoop to traditional applications, mobile, SaaS, payments, tokenization and cloud applications.

As most are aware, Big Data Analytics can
be incredibly insightful and valuable to any enterprise. What some are not
aware of is every new data stream created is potentially a new attack vector
for organizations to defend against. Historically, organizations have had to
choose between security or analytics, but with the advent of strict data
privacy and protection regulations, the choice has been removed out of the
equation. So, with security now the priority, is it possible for businesses to
get security right without data analytics suffering?

Data Today

In this digital age, data is now the golden egg needed to further business operations and it has almost revolutionized the way enterprises conduct business in the 21st century. In fact, the Big Data Analytics market is set to reach $103 billion by 2023. Through Big Data analytics, companies have the ability to improve efficiency, services and products which ultimately benefits their customers, and this is where the return on investment is measured. By having the data in front of executives, they can gain insights and view patterns on human behavior to help make clearer business decisions. And, thanks to digital transformation, Big Data is everywhere, whether that be in the cloud, or streamed from devices.

However, with businesses harvesting, analyzing and transferring large data sets outside the standard business boundary in order to connect with other digital environments, an uncontrollable web of connectivity has transpired. With enterprises often having multiple partners, suppliers and other third parties, protecting this network for be extremely challenging, especially with no guarantees the third parties are protecting the critical information. Matters are made worse when considering hackers are becoming more ingenious with their attack methods, which has resulted in 78 percent of organizations experiencing a successful cyberattack in the last 12 months. It’s clear that data security can no longer be overlooked.

Why All-encompassing Security is Needed

The true value of Big Data cannot be measured, but the more detailed or sensitive the information is, the more value it has to a business. Unfortunately, cybercriminals are aware to this fact and, in the first six months of 2019, roughly 4.1 billion records have been exposed or stolen through successful cyberattacks. But who’s duty is it to ensure security is being met? Well, it’s a collaborative effort that must involve the entire enterprise from the C-level executives, to the data analysts and engineers, right down to the rest of the workforce. Almost every department in a company comes into contact with sensitive data, so it’s high time everyone understood the threats to data are very real… and costly if not adequately addressed.

The other
major concern for businesses is ensuring compliance is being met against
industry regulations and data privacy laws that require the protection of
sensitive data. While
data privacy statutory law is still in development at the federal level, many
US states have filled the void and enacted their own data privacy laws – the
strictest being the California Consumer Privacy Act (CCPA) – which are similar
to the European General Data Protection Regulation (GDPR). In either case, if
an organization is found to be non-compliant then serious fines ranging in the
millions could be levied. If financial or credit card information is
being harvested, then PCI DSS compliance is also required. These are numerous
regulations that need to be adhered to depending on where the company operates
or who the information relates to. So, to help navigate through the many data
protection regulations, enterprises are seeking security solutions that address
these concerns in order to future-proof their businesses.

The Data-centric Security Strategy

To tackle
the complex nature of today’s online networks and help protect the data that
lies within these infrastructures, a data-centric security strategy is
required. This strategy is based on two key principles:

Protecting the data at its
earliest stage, which may seem obvious, but is
often not routinely done by organizations. If sensitive data is secured from
the offset – the moment it is collected – there is less risk that information
is shared in its unprotected form.

Only de-protecting data when
absolutely necessary. If individuals or applications need to view a piece
of protected sensitive data in plain text, then only do so when it’s essential.
This links back to principle one, where data is always protected.

Traditionally,
data in its rawest form was easier to analyze and process but doing this
securely was often a challenge. Now, tokenization technology can allow for data
processing and analysis in a protected manner while keeping overall operational
impact to a minimum. Tokenization substitutes sensitive data with a non-sensitive equivalent (known as a token) and in doing so, data
engineers can carry out analytics and gather insights while the data is still in its protected
form. By defending the sensitive information at its core, and at every stage of
its lifecycle, instead of simply building a wall around the data, it removes
the main issue brought by legacy security solutions.

The need for Big Data will continue to grow as it becomes the key for enterprises to stay competitive in a dynamic market. By implementing a “data-centric security” solution, organizations can carry out Big Data analytics without having to compensate on security. Importantly, it will all be under the lens of compliance, to ensure that adherence with data protection regulations is being met.

Resource Links:

Industry Perspectives

In this special guest feature, Sean McDermott, CEO and founder of Windward Consulting Group and RedMonocle, offers what enterprises need to know about the five levels of AIOps maturity. When maneuvering through each level, keep the long-term AIOps strategy and goals at the center to achieve the true potential of AIOps.

Latest Video

White Papers

This whitepaper provides an introduction to Apache Druid, including its evolution,
core architecture and features, and common use cases. Founded by the authors of the Apache Druid database, Imply provides a cloud-native solution that delivers real-time ingestion, interactive ad-hoc queries, and intuitive visualizations for many types of event-driven and streaming data flows.